9.3
CVE-2009-3604
- EPSS 8.7%
- Veröffentlicht 21.10.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:59
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Glyphandcog ≫ Xpdfreader Version2.00
Glyphandcog ≫ Xpdfreader Version2.01
Glyphandcog ≫ Xpdfreader Version2.02
Glyphandcog ≫ Xpdfreader Version2.03
Glyphandcog ≫ Xpdfreader Version3.00
Glyphandcog ≫ Xpdfreader Version3.01
Glyphandcog ≫ Xpdfreader Version3.02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.7% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/37114
http://www.ubuntu.com/usn/USN-850-1
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.vupen.com/english/advisories/2010/1040
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://secunia.com/advisories/37028
http://secunia.com/advisories/37037
http://secunia.com/advisories/37043
http://secunia.com/advisories/37053
http://secunia.com/advisories/37077
http://secunia.com/advisories/37079
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.debian.org/security/2010/dsa-2028
http://www.debian.org/security/2010/dsa-2050
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
https://rhn.redhat.com/errata/RHSA-2009-1501.html
https://rhn.redhat.com/errata/RHSA-2009-1502.html
https://rhn.redhat.com/errata/RHSA-2009-1503.html
https://rhn.redhat.com/errata/RHSA-2009-1512.html
http://secunia.com/advisories/37023
https://rhn.redhat.com/errata/RHSA-2009-1500.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
http://secunia.com/advisories/37159
http://securitytracker.com/id?1023029
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
http://www.securityfocus.com/bid/36703
http://www.ubuntu.com/usn/USN-850-3
http://www.vupen.com/english/advisories/2009/2924
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2
http://secunia.com/advisories/37042
http://site.pi3.com.pl/adv/xpdf.txt
https://bugzilla.redhat.com/show_bug.cgi?id=526911
https://exchange.xforce.ibmcloud.com/vulnerabilities/53795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10969